Forced Browsing

Description

The application allows users to browse to resources that are not properly protected. Attackers may forcefully browse the application in order to uncover hidden resources. In other cases, an analysis of the platform or infrastructure may gives clues to attackers regarding how to find additional resoruces. This vulnerability is often the result of using a security by obscurity policy or not properly implementing authorization rules.

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

Subscribe here in order to gain access to the AppSec Findings Database